ID

VAR-201906-0501


CVE

CVE-2019-12822


TITLE

Embedthis GoAhead Buffer error vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-005500

DESCRIPTION

In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself. Embedthis GoAhead contains a buffer error vulnerability. A service operation interruption (DoS) may result. Embedthis Software GoAhead is an embedded web server from Embedthis Software, USA. A buffer overflow vulnerability exists in the http.c file in versions of Embedthis GoAhead 4.1.1 and 5.x prior to 5.0.1. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow.

Trust: 2.25

sources: NVD: CVE-2019-12822 // JVNDB: JVNDB-2019-005500 // CNVD: CNVD-2019-19301 // VULHUB: VHN-144607

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-19301

AFFECTED PRODUCTS

vendor: embedthis, model: goahead, scope: gte, version: 5.0.0

Trust: 1.0

vendor: embedthis, model: goahead, scope: lt, version: 4.1.1

Trust: 1.0

vendor: embedthis, model: goahead, scope: lt, version: 5.0.1

Trust: 1.0

vendor: embedthis, model: goahead, scope: eq, version: 4.1.1

Trust: 0.8

vendor: embedthis, model: goahead, scope: eq, version: -

Trust: 0.8

vendor: embedthis, model: goahead, scope: lt, version: 5.x

Trust: 0.8

vendor: embedthis, model: goahead, scope: eq, version: 5.0.1

Trust: 0.8

vendor: embedthis, model: software embedthis software goahead, scope: lt, version: 4.1.1

Trust: 0.6

vendor: embedthis, model: software embedthis software goahead, scope: eq, version: 5.*<5.0.1

Trust: 0.6

sources: CNVD: CNVD-2019-19301 // JVNDB: JVNDB-2019-005500 // NVD: CVE-2019-12822

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12822
value: HIGH

Trust: 1.0

NVD: CVE-2019-12822
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-19301
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-610
value: HIGH

Trust: 0.6

VULHUB: VHN-144607
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12822
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-19301
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-144607
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12822
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-19301 // VULHUB: VHN-144607 // JVNDB: JVNDB-2019-005500 // CNNVD: CNNVD-201906-610 // NVD: CVE-2019-12822

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.1

problemtype: CWE-917

Trust: 1.0

problemtype: Buffer error (CWE-119) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-144607 // JVNDB: JVNDB-2019-005500 // NVD: CVE-2019-12822

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-610

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201906-610

PATCH

title: Comparing changes GitHub, url: https://github.com/embedthis/goahead/compare/5349710...579f21f

Trust: 0.8

title: Embedthis GoAhead Buffer Overflow Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/165345

Trust: 0.6

title: Embedthis GoAhead Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93827

Trust: 0.6

sources: CNVD: CNVD-2019-19301 // JVNDB: JVNDB-2019-005500 // CNNVD: CNNVD-201906-610

EXTERNAL IDS

db: NVD, id: CVE-2019-12822

Trust: 3.9

db: JVN, id: JVNVU92569237

Trust: 0.8

db: JVNDB, id: JVNDB-2019-005500

Trust: 0.8

db: CNNVD, id: CNNVD-201906-610

Trust: 0.7

db: CNVD, id: CNVD-2019-19301

Trust: 0.6

db: VULHUB, id: VHN-144607

Trust: 0.1

sources: CNVD: CNVD-2019-19301 // VULHUB: VHN-144607 // JVNDB: JVNDB-2019-005500 // CNNVD: CNNVD-201906-610 // NVD: CVE-2019-12822

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2019-12822

Trust: 2.0

url: https://github.com/embedthis/goahead/compare/5349710...579f21f

Trust: 1.7

url: https://github.com/embedthis/goahead/issues/285

Trust: 1.7

url: https://jvn.jp/vu/jvnvu92569237/index.html

Trust: 0.8

sources: CNVD: CNVD-2019-19301 // VULHUB: VHN-144607 // JVNDB: JVNDB-2019-005500 // CNNVD: CNNVD-201906-610 // NVD: CVE-2019-12822

SOURCES

db: CNVD, id: CNVD-2019-19301
db: VULHUB, id: VHN-144607
db: JVNDB, id: JVNDB-2019-005500
db: CNNVD, id: CNNVD-201906-610
db: NVD, id: CVE-2019-12822

LAST UPDATE DATE

2024-08-14T12:40:18.639000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-19301, date: 2019-06-26T00:00:00
db: VULHUB, id: VHN-144607, date: 2019-06-17T00:00:00
db: JVNDB, id: JVNDB-2019-005500, date: 2023-05-11T08:50:00
db: CNNVD, id: CNNVD-201906-610, date: 2019-06-18T00:00:00
db: NVD, id: CVE-2019-12822, date: 2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-19301, date: 2019-06-26T00:00:00
db: VULHUB, id: VHN-144607, date: 2019-06-14T00:00:00
db: JVNDB, id: JVNDB-2019-005500, date: 2019-06-21T00:00:00
db: CNNVD, id: CNNVD-201906-610, date: 2019-06-14T00:00:00
db: NVD, id: CVE-2019-12822, date: 2019-06-14T14:29:00.843